Introducing IPv6 | Neighbor Discovery & SLAAC
You made it!
And now here you are, at the final installment of the don’t panic series: Introducing IPv6. If you’ve read the entire series (you have, haven’t you?), then you have already learned how to understand and classify IPv6 addresses, as well as all about IPv6 headers. That means it’s time for you to take on the final piece needed to fully introduce IPv6:
Neighbor Discovery and SLAAC
IPv6 Neighbor Discovery combines and improves upon the functionality found in Address Resolution Protocol (ARP), Internet Control Message Protocol (ICMP), Router Discovery and ICMP-Redirects in IPv4, and adds some new features as well.
Neighbor Discovery includes four main functions:
- Router Discovery: Routers periodically send out router advertisement messages to announce their presence, advertise prefixes that are on-link, assist in address configuration and share other information about the link (MTU, hop limit, etc.)
- Neighbor Discovery: IPv6 nodes communicate their link-layer addresses to each other using neighbor solicitation and neighbor advertisement messages. These messages are also used to detect duplicate addresses and test reachability.
- Neighbor Unreachability Detection: IPv6 nodes rely on positive confirmation of packet delivery. This is accomplished in two ways. First, nodes “listen” for new acknowledgements being returned or similar upper-layer protocol confirmation that packets sent to a neighbor are in fact reaching their destination. When such confirmation is absent, the node sends unicast neighbor solicitation messages to confirm next-hop reachability.
- Redirects: Very similar to the ICMPv4 redirect feature, the ICMPv6 Redirect message is used by routers to inform on-link hosts of a better next-hop for a given destination. The intent is to allow the router(s) to help hosts make the most efficient local routing decisions possible.
As mentioned above, Neighbor Discovery has many improvements and new features when compared to the corresponding IPv4 protocols. Some of the most notable differences are:
- Neighbor Discovery moves address resolution to the ICMP layer, which makes it much less media-dependent than ARP and adds the ability to use IP-layer security when needed.
- Neighbor Discovery uses link-local addresses. This allows all nodes to maintain their router associations even when the site is renumbered to a new global prefix.
- All Neighbor Discovery messages carry link-layer address information so a single message (or pair of messages) is all that is needed for nodes to resolve the other’s addresses; no additional address resolution is needed.
- Neighbor Unreachability Detection is built in, making packet delivery much more robust in a changing network. Using Neighbor Unreachability Detection, Neighbor Discovery will detect router failures, link failures and most notably partial link failures such as one-way communication.
- Router Advertisements carry prefixes (including netmasks) and support multiple prefixes on the same link. Hosts can learn on-link prefixes from router advertisements or, when the router is configured to withhold them, from redirects as needed.
In addition to everything discussed above, Neighbor Discovery also enables address autoconfiguration – namely Stateless Address Autoconfiguration (SLAAC). IPv6 maintains the capability for stateful address assignment through DHCPv6 (and static assignment) but SLAAC provides a very lightweight address configuration method that may be desirable in many circumstances.
SLAAC provides plug-and-play IP connectivity in two phases: Phase 1, link-local address assignment, and Phase 2, global address assignment.
Phase 1 – Link-Local Address
Phase 1 steps for local connectivity:
- Link-Local Address Generation: Any time that a multicast-capable IPv6-enabled interface is turned up, the node generates a link-local address for that interface. This is done by appending an interface identifier to the link-local prefix (FE80::/10).
- Duplicate Address Detection: Before assigning the new link-local address to its interface, the node verifies that the address is unique. This is accomplished by sending a neighbor solicitation message destined to the new address. If there is a reply, then the address is a duplicate and the process stops (requiring operator intervention).
- Link-Local Address Assignment: If the address is unique, the node assigns it to the interface it was generated for.
At this point, the node has IPv6 connectivity to all other nodes on the same link. Only hosts move on to Phase 2; a router’s interface addresses must be configured by other means.
Phase 2 – Global Address
And phase 2 steps for global connectivity:
- Router Advertisement: The node sends a router solicitation to prompt all on-link routers to send it router advertisements. When the router is enabled to provide stateless autoconfiguration support, the router advertisement will contain a subnet prefix for use by neighboring hosts.
- Global Address Generation: Once it receives a subnet prefix from a router, the host generates a global address by appending the interface id to the supplied prefix.
- Duplicate Address Detection: The host again performs duplicate detection, this time for the new global address.
- Global Address Assignment: Assuming that the address is not a duplicate, the host assigns it to the interface.
There you have it, full IPv6 global connectivity with no manual host configuration and very little router configuration.
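Both phases can be traced end to end in a few lines. The sketch below is an added example, not code from the original post: it assumes the interface identifier is a Modified EUI-64 built from the MAC address (RFC 4291, Appendix A; hosts may use other identifier schemes), models Duplicate Address Detection as a lookup in a set of addresses already on the link, and also shows the solicited-node multicast group (RFC 4291) on which the DAD neighbor solicitation for each tentative address appears on the wire. The MAC address, the prefix and all function names are constructed for illustration.

```python
import ipaddress

def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64 interface identifier from a 48-bit MAC (assumed ID scheme)."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError(f"expected a 48-bit MAC address, got {mac!r}")
    # Insert ff:fe between the two halves of the MAC, then flip the
    # universal/local bit (0x02) of the first octet.
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")

def make_address(prefix: str, interface_id: int) -> ipaddress.IPv6Address:
    """Append a 64-bit interface identifier to a /64 prefix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("a 64-bit interface identifier needs a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | interface_id)

def solicited_node_group(addr: ipaddress.IPv6Address) -> ipaddress.IPv6Address:
    """ff02::1:ffXX:XXXX group formed from the low 24 bits of addr."""
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | (int(addr) & 0xFFFFFF))

def slaac(mac, ra_prefix, addresses_on_link=frozenset()):
    """Run Phase 1, then Phase 2 if a router advertised a prefix.

    addresses_on_link stands in for neighbors that would answer a DAD probe.
    Returns a list of (phase, assigned address, DAD probe group).
    """
    iid = eui64_interface_id(mac)
    phases = [("link-local", "fe80::/64")]
    if ra_prefix is not None:          # no prefix in any RA: link-local only
        phases.append(("global", ra_prefix))
    assigned = []
    for phase, prefix in phases:
        tentative = make_address(prefix, iid)
        if tentative in addresses_on_link:   # a neighbor advertisement came back
            raise RuntimeError(f"DAD failed for {phase} address {tentative}")
        assigned.append((phase, tentative, solicited_node_group(tentative)))
    return assigned

if __name__ == "__main__":
    # Constructed sample: a made-up MAC and the 2001:db8::/32 documentation prefix.
    for phase, addr, group in slaac("00:1b:44:11:3a:b7", "2001:db8:1:2::/64"):
        print(f"{phase:10} {addr}  (DAD probe group {group})")
```

Because this identifier scheme embeds the MAC address, the same 64-bit suffix follows the host to every prefix it joins, which is worth knowing when reading address logs or assessing host trackability.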
Want to learn more about Neighbor Discovery and SLAAC? Read RFC 4861 “Neighbor Discovery for IP version 6 (IPv6),” RFC 4862 “IPv6 Stateless Address Autoconfiguration” and RFC 4339 “IPv6 Host Configuration of DNS Server Information Approaches.”
I really hope you’ve enjoyed all four parts of this series, and more to the point, I really hope you’ve learned a few things about IPv6! I’d love to hear from you if you have (or if you haven’t). Also, if you have questions, or topic requests/ideas for future posts, please feel free to send those to me – I’ll do my best to address them. =)
And, if you want more IPv6 knowledge dropped on you right now, check out this IPv6 Routing Deep Dive post, which includes slides from last year’s Rocky Mountain IPv6 Summit. Or pick up one (or both) of my Juniper Day One books: Exploring IPv6 and Advanced IPv6 Configuration. Both are available as free eBooks from Juniper, or for $0.99 on Amazon and Apple. Printed versions cost a bit more of course.